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DETAILED ACTION 

1 . This action is responsive to communications: application, filed 9/30/2003; 
amendment filed 1/28/2009. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
1/28/2009 has been entered. 

3. Claims 1-20, 22-24 are pending in the case. Claims 21 and 25-34 are cancelled 
by the applicant. 

Response to Arguments 



4. Objection to claim 1 is hereby withdrawn due to applicant's amendment. 
Applicant's argument relative to rejection under section 103(a) is moot in view if the new 
grounds of rejection outlined below: 
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Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims land 2 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Xiong (US Patent No. 7,096,490, filed March 20, 2002) in view of Gabber (US Patent 
No. 5,961 ,593, dated October 5, 1999), and further in view of Selvarajan (US Patent 
Application Publication No. 2002/0032649, filed April 1 1 , 2001 ), and further in view of 
Rowland (US patent No. 6,405,318, filed March, 1999). 

6.1 . As per claim 1 , Xiong is directed to a method for generating temporarily assigned 
identity information implemented in a computer-readable medium and executed on a 
proxy service to perform the method, comprising: authenticating identity information 
associated with a request received from a requestor for accessing a service, wherein 
the request is sent from the requestor to the service and intercepted for processing 
(Xiong col. 5 line 23 to col. 6 line 27, teaches a request for authentication from the 
client to the ISP intercepted by a auto-configuration device 10. Device 10 negotiates 
the authentication protocol and user identity and password to be used for 
authentication that is supported by both the client and the ISP); generating temporarily 
assigned identity information for the requestor (Xiong teaches presenting encrypted 
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user ID and password in place of the unencrypted user ID and password for 
authentication. However, Xiong does not explicitly teach generation of a temporary 
assigned identity for the requestor. Gabber teaches generation of an alias or substitute 
identifier (temporary assigned identity) to replace the user ID (Gabber col. 1 1 lines 15- 
37, and abstract)); 

Gabber also teaches and wherein the temporary assigned identity information is used 
for impersonating the requestor and includes a subset of original information associated 
with the requestor (Gabber col. 8 lines 17-63 shows that the temporary assigned identity 
is used to impersonate the user, and at the mean time keeps some of the original 
information associated with the original request. This is because Gabber's temporary 
assigned identity is anonymous, but consistent. The user's private information can not 
be identified, yet the user is recognized and accordingly provided personalized service. 
Therefore, some of the user original information must be included in temporary id); 
updating a protected identity directory with the temporarily assigned identity information 
(Gabber col. 1 1 line 37-53 shows that the substitute id (temporary id) is computed 
based on the stored data (ID, secret domain-name), which is equivalent of a directory. 
Note that Gabber col. 12 line 8-18 teaches that keeping a directory to translate user 
data to substitute data is part of prior art); and directly transmitting the request and the 
temporarily assigned identity information to the service on behalf of the requester 
(Gabber col. 11 line 36-66), wherein the service accesses the protected identity 
directory with the temporarily assigned identity information to authenticate the 
requestor for access (Gabber col. 1 1 lines 37-53 shows the server requests 
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authentication data from proxy site 1 10a (which provides the temporary assigned 
identity information) and receives the authentication data from the proxy), and wherein 
the temporarily assigned identity information syntax and semantic format recognized 
and expected by the service for authentication access to the service (Gabber's 
substitute ID is used to authenticate the user to the service, therefore, matched the 
syntax and semantic format of the service. Also, Xiong col. 5 line 23 to col. 6 line 27 
shows that the auto-configuration device adjusts the protocol such that both the client 
and the ISP (service) support the authentication protocol). 

Gabber and Xiong are analogous art as they are both directed to facilitating 
authentication between a client and a server. At the time of invention, it would have 
been obvious to the one skilled in art to enhance Xiong's system of auto-configuring 
the authentication protocol, by adding a temporary user ID to protect the identity of the 
user. The motivation to do so would have been to protect the identity of the user and 
eliminating unwanted communication as suggested by Gabber col. 1 line 20 to col. 2 
line 11. 

Xiong in view of Gabber does not explicitly teach the temporary assigned identity 
information is unique to the request and expires when the request expires or when the 
requestor logs out or terminates a communication session associated with the service. 
Gabber does teach that the temporary identity for all requests to each distinct service 
provider is unique (see col. 6 line 59 to col. 7 line 17), but does not generate a unique 



Application/Control Number: 10/676,138 Page 6 

Art Unit: 2439 

ID for each and every request. Gabber also teaches keeping track of sessions between 
the user and service provider (see col. 14 lines 26-47), but does not teach expiring the 
temporary identity at the end of each session. 

Selvarajan teaches a system to generate a high secure single usage e-currency-ID (see 
Abstract) for performing Internet based transactions using a credit card. Selvarajan 
teaches generation of unique ID (per use), including a preset time-out, which expires 
after a predetermined time (see parag. 19). 

At the time of invention, it would have been obvious to the one skilled in art to modify 
Xiong in view of Gabber, by enhancing Gabber's system of ID generation to generate 
IDs unique to each request (per use), and expiring after a time-out period, as taught by 
system of Selvarajan. Note that Gabber teaches use of credit card for payments, while 
concealing the user credit card information, if an intermediate system, such as the 
service provider (AMERICA ONLINE) can provide its own credit card info (see Gabber 
col. 12 line 57, to col. 13 line 5). Therefore enhancing Gabber systems to accommodate 
secured credit card transactions is readily suggested by Gabber. Note that Selvarajan's 
system provides secure credit card payments by generating a unique temporary ID. 

The motivation to combine said teachings of Selvarajan with Xiong in view of Gabber 
would be increasing security such that more critical transactions, such as credit card 
payment could be accommodated. 
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Xiong in view of Gabber and Selvarajan does not explicitly teach the service detecting 
and denying multiple login events that use the temporary assigned identity information. 

Rowland is directed to an intrusion detection system that monitors activities and detects 
and mitigates suspect activity (see abstract). Rowland column 5 lines 10-20 teaches 
that when the multiple login activities using the same identity is detected, it is a sign of 
suspect activity and access is denied. 

Rowland and Xiong in view of Gabber and Selvarajan are analogous art as they are 
directed to information security systems and access control enforcement. At the time of 
invention, it would have been obvious to the one skilled in art to combine the teachings 
of Rowland, and particularly the intrusion detection mechanism that detects and 
disables multiple logins using the same credentials, with the system of Xiong in view of 
Gabber and Selvarajan. The motivation to do so would have been to further secure the 
system by mitigating intrusion attempts. 

6.2. As per claim 2, Xiong in view of Gabber, Selvarajan and Rowland is directed the 
method of claim 1 further comprising: generating a mapping between the identity 
information and the temporarily assigned identity information; and storing the mapping 
in a local identity mapping store (Gabber col. 12 lines 7-17 teaches that storing the 
mapping data is in the prior art. Fig. 5 and associated text shows an alternative 
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embodiment, including a local proxy server, which provides mapping data locally. Also 
see col. 7 lines 25 to 40, teaching storage of identity information in a database or alias 
table). 

7. Claims 3-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Xiong (US Patent No. 7,096,490, filed March 20, 2002) and view of Gabber (US Patent 
No. 5,961 ,593, dated October 5, 1999), and further in view of Selvarajan (US Patent 
Application Publication No. 2002/032649, filed April 11, 2001), and further in view of 
Rowland and further in view of Gupta (US Patent No. 6,868,448, filed March 12, 1999). 

7.1 . As per claim 3, Xiong in view of Gabber, and further in view of Selvarajan is 
directed to the method of claim 2 further comprising, synchronizing the local identity 
mapping store and the mapping with one or more addition local identity mapping stores 
(Gabber teaches storing the identity information in local or central directories. 
Synchronizing the local identity mapping store and the mapping with one or more 
addition local identity mapping stores was a well known attribute of distributed directory 
services systems at the time of invention. However, Gabber does not explicitly discuss 
the mentioned attribute. 

Gupta teaches a Directory Service (col. 16 line 42 to col. 17 line 14), which replicates 
data (entries) in several directory services distributed in different geographical areas. 
Gupta also teaches local application servers, which perform authentication and store 
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the related identity information (col. 7 lines 12 to 25). The identity information stored at 
the local servers is automatically updated when the information at the remote server is 
updated. Therefore, Gupta teaches synchronizing the local identity mapping store and 
the mapping with one or more addition local identity mapping stores. 

Gupta and Gabber are analogous art, as they are both related to locating and providing 
data, resources and services to users in a distributed network. At the time of invention, 
it would have been obvious to a person skilled in art to deploy the distributed directory 
service taught by Gupta in the system of Xiong in view of Gabber and Selvarajan to 
allow access to user authentication data in a distributed network. One motivation to do 
so would have been balancing the load of directory servers as suggested in Gupta col. 
18, line 3 to 47. 

7.2. As per claim 4, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 1 wherein the generating further 
includes assembling an aggregate identity configuration for the requestor from one or 
more authoritative identity stores before generating the temporarily assigned identity 
information (Gabber col. 7 line 1 to col. 9 line 65 shows that the substitute ID is 
generated from a universal user ID and password combined with site specific data. 
Therefore, Gabber stores a universal secret from an authoritative store before 
generating substitute IDs). 
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7.3. As per claim 5, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 1 further comprising, removing the 
temporarily assigned identity information from the protected identity directory after 
detecting a terminating event that terminates the authenticity of the temporarily 
assigned identity information (Gupta col. 7 lines 12 to 25). 

7.4. As per claim 6, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 5 further comprising recycling a 
storage space occupied by the temporarily assigned identity information for use in a 
subsequent iteration of the method (re-use of the space previously occupied by deleted 
data is standard practice in computer systems). 

7.5. As per claims 7-9, Xiong in view of Gabber, further in view of Selvarajan, and 
further in view of Gupta is directed to the method of claim 1 further comprising: 
detecting dynamic changes made on at least a portion of the identity information, 
wherein the changes are detected within the protected identity directory; and 
synchronizing the temporarily assigned identity information and other local identity 
stores with the changes and logging the changes (see response to claim 3. It is well 
known in distributed directory systems to detect a change, update the information in the 
main and other local directory services and log the event). 



Application/Control Number: 10/676,138 Page 1 1 

Art Unit: 2439 

8. Claims 10-20, 22-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Xiong (US Patent No. 7,096,490, filed March 20, 2002) and view of Gabber (US 
Patent No. 5,961 ,593, dated October 5, 1 999), and further in view of Selvarajan (US 
Patent Application Publication No. 2002/032649, filed April 1 1 , 2001 ), and further in 
view of Rowland and further in view of Gupta (US Patent No. 6,868,448, filed March 12, 
1999), and further in view of Examiner Official Notice. 

8.1 . Claim 10 requires removing the mapping between the identity configuration and 
temporary assigned identity when the request expires. As shown in rejection of claim 5 
above, removal of information associated with a session after the session is terminated 
is made obvious but Gupta's teaching in col. 7 lines 12 to 25. Therefore it would have 
been obvious to remove the mappings associated with the session, when the session is 
terminated. 

8.2. Claim 17 requires the identity information to include a combination of an 
identification, a password, a certificate, a token, a biometric value, a hardware value, a 
network connection value, and a time value. Gabber col. 6 lines 59-67 show the identity 
information includes a password and a user name (an identity). Creation of an identity 
from a combination of elements was well-known in the art. Therefore, it would have 
been obvious to create an identity from a combination of a password and a user name, 
or other elements and attributes related to a user. The motivation would have been to 
make it more difficult to guess the identity. 
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8.3. Limitations of claim 1 8 are substantially the same as claims 1 7 and 3. 

8.4. Claim 23 requires temporarily assigned identity information is randomly or 
deterministically generated. Per Gabber col. 7 lines 1-2, the character string used to 
generate the substitute ID is chosen randomly. 

8.5. Limitations of claims 1 1 -1 6, 1 9, 20, 22, and 24 are substantially the same as 
claims 1-10, 17, and 18 above. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
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applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

/Farid Homayounmehr/ 

Examiner 
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